Merge "Block attempts to transfer encrypted volumes"

cinder/tests/unit/test_volume_transfer.py

@@ -17,6 +17,7 @@ import mock
 from oslo_utils import timeutils
 
 from cinder import context
+from cinder import db
 from cinder import exception
 from cinder import objects
 from cinder import quota
@@ -68,6 +69,16 @@ class VolumeTransferTestCase(test.TestCase):
         volume = objects.Volume.get_by_id(self.ctxt, volume.id)
         self.assertEqual('in-use', volume['status'], 'Unexpected state')
 
+    def test_transfer_invalid_encrypted_volume(self):
+        tx_api = transfer_api.API()
+        volume = utils.create_volume(self.ctxt, updated_at=self.updated_at)
+        db.volume_update(self.ctxt,
+                         volume.id,
+                         {'encryption_key_id': fake.ENCRYPTION_KEY_ID})
+        self.assertRaises(exception.InvalidVolume,
+                          tx_api.create,
+                          self.ctxt, volume.id, 'Description')
+
     @mock.patch('cinder.volume.utils.notify_about_volume_usage')
     def test_transfer_accept_invalid_authkey(self, mock_notify):
         svc = self.start_service('volume', host='test_host')

cinder/transfer/api.py

@@ -120,6 +120,9 @@ class API(base.Base):
         volume_ref = self.db.volume_get(context, volume_id)
         if volume_ref['status'] != "available":
             raise exception.InvalidVolume(reason=_("status must be available"))
+        if volume_ref['encryption_key_id'] is not None:
+            raise exception.InvalidVolume(
+                reason=_("transferring encrypted volume is not supported"))
 
         volume_utils.notify_about_volume_usage(context, volume_ref,
                                                "transfer.create.start")